Guide to Internet Cryptography. Security Protocols and Real-World Attack Implications PDF

535 Pages·2022·10.173 MB·English

Information Security and Cryptography

Jörg Schwenk

Guide to Internet Cryptography
Security Protocols and Real-World Attack Implications

Information Security and Cryptography

Series Editors
David Basin, Department of Computer Science F 106, ETH Zürich, Zürich, Switzerland
Kenny Paterson, Information Security Group, Royal Holloway, University of London, Egham, Surrey, UK

Editorial Board
Michael Backes, Department of Computer Science, Saarland University, Saarbrücken, Saarland, Germany
Gilles Barthe, IMDEA Software Institute, Pozuelo de Alarcón, Madrid, Spain
Ronald Cramer, CWI, Amsterdam, The Netherlands
Ivan Damgård, Department of Computer Science, Aarhus University, Aarhus, Denmark
Robert H. Deng, Singapore Management University, Singapore, Singapore
Christopher Kruegel, Department of Computer Science, University of California, Santa Barbara, CA, USA
Tatsuaki Okamoto, Okamoto Research Lab., NTT Secure Platform Laboratories, Musashino-shi, Tokyo, Japan
Adrian Perrig, CAB F 85.1, ETH Zurich, Zürich, Switzerland
Bart Preneel, Department Elektrotechniek-ESAT/COSIC, University of Leuven, Leuven, Belgium
Carmela Troncoso, Security and Privacy Engineering Lab, École Polytechnique Fédérale de Lausanne, Lausanne, Switzerland
Moti Yung, Google Inc, New York, NY, USA

Information Security – protecting information in potentially hostile environments – is a crucial factor in the growth of information-based processes in industry, business, and administration. Cryptography is a key technology for achieving information security in communications, computer systems, electronic commerce, and in the emerging information society. Springer's Information Security & Cryptography (IS&C) book series covers all relevant topics, ranging from theory to advanced applications. The intended audience includes students, researchers and practitioners.
Jörg Schwenk
Chair for Network and Data Security
Ruhr University Bochum
Bochum, Germany

ISSN 1619-7100 ISSN 2197-845X (electronic)
Information Security and Cryptography
ISBN 978-3-031-19438-2 ISBN 978-3-031-19439-9 (eBook)
https://doi.org/10.1007/978-3-031-19439-9

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2022

This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

To my wife and my children

Preface

In the last two decades, numerous research papers have considerably expanded our knowledge of Internet cryptography, taking into account all details of the different standards and implementations. Some of these papers, especially those on TLS, impacted standardization. This interplay between standardization, implementation, and research is exemplified in TLS 1.3, where numerous research efforts accompanied more than four years of standardization.

This interplay is the topic of this book. Essential Internet standards are described in a language close to applied cryptographic research. Attacks on implementations of these standards are collected from academic and non-academic research because these attacks are our primary source of new insights into real-world cryptography. Summarizing all this information in a single book allows for highlighting cross-influences in standards (e.g., EAP protocols and MIME types) and similarities in cryptographic constructions (e.g., the use of Diffie-Hellman key exchange and challenge-and-response building blocks in numerous protocols).

This book is roughly divided into three parts. Sections 1 to 4 provide an overview and the necessary cryptographic background for the other chapters. At the end of the book, sections 20 and 21 provide additional, helpful background on Internet security, which is, however, not required for the rest of the book.

Important cryptographic standards are described and analyzed in sections 5 to 19. These sections are assigned to TCP/IP network layers, starting from the link layer. Short introductions to these network layers were added to keep the book self-contained. The length of the different chapters differs significantly, which more or less reflects the amount of research done. There are three main focuses: IPsec, TLS, and secure e-mail. IPsec is a hidden champion here: It is a very complex ecosystem of standards, with deployments in non-public networks, which makes research difficult.
Since its introduction, TLS has received much attention in the research community. It provided the first real-world example of an adaptive chosen-ciphertext vulnerability. Numerous other attacks have improved our knowledge of TLS; TLS 1.3 is now hardened against all kinds of attacks. This wealth of information made it necessary to devote four chapters to TLS. The last of these chapters summarizes nearly all attacks on TLS published so far and is perhaps the book's most exciting part. Despite new developments like instant messaging and video conferencing, the security of e-mail communication is still essential in government and business. This topic lends itself to be divided into several chapters: There are OpenPGP, S/MIME, attacks on both standards, and SPAM prevention.

To condense all this knowledge into a single book, omissions are inevitable. Cryptographic primitives are treated as black boxes. We only dive deeper into their internal structure if it is necessary to understand specific attacks. The mathematical formalism is reduced to a minimum and only introduced where it is necessary to explain important cryptographic concepts. For the time being, we omitted post-quantum cryptography because the integration of these new primitives into existing standards is not yet stable. Blockchains are out of the scope of this book, but instant messaging protocols may be included in future editions.

Each chapter has a related work section and Problems. Related work should be regarded as suggestions for further reading, not as an exclusive list of all essential publications. With many excellent researchers worldwide, it can never be complete. Problems are taken from the two-semester undergraduate course in network security at Ruhr University Bochum, both from the weekly exercises and the final exams. They should help to test the reader's knowledge of the subject and may serve as blueprints for other courses.
This book is intended as a guideline for academic courses and a reference guide on Internet security. Chapters 5 to 19 can be taught in any order; only the sections on TLS should be considered a sequence. References to standards should be up-to-date; details omitted here can be found there.

Acknowledgements

I want to take the opportunity to thank everyone who helped me to present the many topics of this book in detail. Without the research work at the Chair of Network and Data Security and the intensive discussions about related work, technical details of RFCs, and software implementations that went along with it, many chapters would have been much shorter and less profound. Before going to print, I had the privilege to present the individual chapters to real specialists in the respective field.

For the current edition I would therefore like to thank, in alphabetical order: Fabian Bäumer, Marcus Brinkmann, Nurullah Erinola, Dr. Dennis Felsch, Matthias Gierlings, Dr. Martin Grothe, Dr. Mario Heiderich, Matthias Horst, Prof. Dr. Tibor Jager, Louis Jannett, Lukas Knittel, Dr. Sebastian Lauer, Marcel Maehren, Dr. Christian Mainka, Dr. Robert Merget, Dr. Vladislav Mladenov, Dr. Jens Müller, Dr. Marcus Niemietz, Dominik Noss, Dr. Damian Poddebniak, Simon Rohlmann, Dr. Paul Rösler, Prof. Dr. Sebastian Schinzel, Carsten Schwenk, Prof. Dr. Juraj Somorovsky, Prof. Dr. Douglas Stebila, Tobias Wich and Petra Winkel. The foundations for this book were, of course, laid earlier, and so these thanks naturally also go to all former members of the chair.

Last but not least, I would like to thank my wife, Beate, who helped me with the final editing and made valuable suggestions for revisions, and my children, who gave me the time to work on this book.

Additional material on internet cryptography can be found at internet-cryptography.org.

Bochum, September 2022
Jörg Schwenk

Contents

1 The Internet ..... 1
  1.1 TCP/IP Communication Model ..... 1
    1.1.1 Link Layer ..... 3
    1.1.2 Internet Layer ..... 4
    1.1.3 Transport Layer ..... 5
    1.1.4 Application Layer ..... 5
  1.2 Threats on the Internet ..... 6
    1.2.1 Passive Attacks ..... 6
    1.2.2 Active Attacks ..... 7
  1.3 Cryptography on the Internet ..... 9
  Related Work ..... 10
  Problems ..... 10
  References ..... 10

2 Cryptography: Confidentiality ..... 13
  2.1 Notation ..... 13
  2.2 Symmetric Encryption ..... 14
    2.2.1 Block Ciphers ..... 16
    2.2.2 Block Cipher Modes of Operation ..... 17
    2.2.3 Stream Ciphers ..... 19
    2.2.4 Pseudo-random Sequences ..... 20
  2.3 Asymmetric Encryption ..... 21
  2.4 RSA Encryption ..... 22
    2.4.1 Textbook RSA ..... 22
    2.4.2 PKCS#1 ..... 23
    2.4.3 OAEP ..... 24
  2.5 Diffie-Hellman Key Exchange ..... 25
    2.5.1 Diffie-Hellman Key Exchange (DHKE) ..... 25
    2.5.2 Mathematics: Groups ..... 26
    2.5.3 Complexity Assumptions ..... 28
  2.6 ElGamal Encryption ..... 31
    2.6.1 ElGamal Encryption ..... 31
    2.6.2 Key Encapsulation Mechanism (KEM) ..... 32
  2.7 Hybrid Encryption of Messages ..... 33
  2.8 Security Goal: Confidentiality ..... 34
  Related Work ..... 36
  Problems ..... 37
  References ..... 39

3 Cryptography: Integrity and Authenticity ..... 43
  3.1 Hash Functions ..... 43
    3.1.1 Standardized Hash Functions ..... 43
    3.1.2 Security of Hash Functions ..... 44
  3.2 Message Authentication Codes and Pseudo-random Functions ..... 47
  3.3 Authenticated Encryption ..... 49
  3.4 Digital Signatures ..... 50
  3.5 RSA Signature ..... 51
    3.5.1 Textbook RSA ..... 51
    3.5.2 RSA-PKCS#1 ..... 52
  3.6 Discrete Log Based Signature Schemes ..... 52
    3.6.1 ElGamal Signature ..... 53
    3.6.2 DSS and DSA ..... 54
  3.7 Security Goal: Integrity and Authenticity ..... 55
  3.8 Security Goal: Confidentiality and Integrity ..... 56
  Related Work ..... 57
  Problems ..... 58
  References ..... 59

4 Cryptographic Protocols ..... 63
  4.1 Passwords ..... 63
    4.1.1 Username/Password Protocol ..... 63
    4.1.2 Dictionary Attacks ..... 65
    4.1.3 Rainbow Tables ..... 66
  4.2 Authentication Protocols ..... 67
    4.2.1 One-Time-Password Protocol (OTP) ..... 68
    4.2.2 Challenge-and-Response Protocol ..... 69
    4.2.3 Certificate/Verify Protocol ..... 70
    4.2.4 Mutual Authentication ..... 71
  4.3 Key Agreement ..... 71
    4.3.1 Public Key based Key Agreement ..... 71
    4.3.2 Symmetric Key Agreement ..... 72
  4.4 Authenticated Key Agreement ..... 73
  4.5 Attacks and Security Models ..... 73
    4.5.1 Protocol Security Models ..... 74
    4.5.2 Generic Attacks on Protocols ..... 75
  4.6 Certificates ..... 76
